Av-comparatives April results

Discussion in 'Prevx Releases' started by darts, May 15, 2012.

Thread Status:
Not open for further replies.
  1. No_script

    No_script Registered Member

    Joined:
    May 12, 2012
    Posts:
    97
    Yeah I did block those files, my mistake. But runddl32.exe is flagged anyway?

    Still doesn't explain missing

    NMC.INFOSTEALER.SCRAPKUT
    NMC.SAULTY.G

    I got a hit on those from other scanners.
     
  2. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    If the filename is exactly as you've typed it, I'm not surprised WSA flagged it. The legitimate Windows file is rundll32.exe.
     
  3. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I can't work through the noise in your scan log. You blocked and cleaned too many operating system components which made everything stop functioning properly. I wouldn't be surprised if the AV was detecting WSA as bad as it was told to delete so many critical files.
     
  4. Mongol

    Mongol Registered Member

    Joined:
    Jul 24, 2004
    Posts:
    1,581
    Location:
    Houston, TX
    Heh...I go back to my post #82...:D
     
  5. ProTruckDriver

    ProTruckDriver Registered Member

    Joined:
    Sep 18, 2008
    Posts:
    1,312
    Location:
    USN Retired 1969 ~ 1992
    Wow :eek: :eek:
     
  6. superssjdan

    superssjdan Registered Member

    Joined:
    Dec 11, 2011
    Posts:
    148
    Location:
    USA
    You seem to have the worst luck with infections. From what I've seen, the least of your problems is Webroot. Something tells me no matter what AV you run, you will wind up being infected. Some things should NEVER be changed. Too much tinkering is a horrible thing. Throwing stones constantly at Webroot won't fix your self-inflicted problems. I wonder, how much pirated software might you possess?? Might be the answer to some of your infections.
     
  7. Mongol

    Mongol Registered Member

    Joined:
    Jul 24, 2004
    Posts:
    1,581
    Location:
    Houston, TX
    Hate to say it but it sounds to me like re-format time...:blink: :eek:
     
  8. STV0726

    STV0726 Registered Member

    Joined:
    Jul 29, 2010
    Posts:
    900
    Maybe your "friend" tested his "hax skills" on you?
     
  9. No_script

    No_script Registered Member

    Joined:
    May 12, 2012
    Posts:
    97
    Webroot shouldn't **** itself if you block a few processes. A few things, why is HTTPS protection off by default? At least on my system it is. The firewall basically lets everything in without exception! You MUST block ICMP echo pings, have this as a setting please.


    NONE, so rule that out. Webroot just hasn't picked up the infections I've got. But there are so many programs out there that are well respected as safe when they are not; Combofix & BleachBit are 2 that are very very very dodgy, to the point that they should be flagged as malware.
     
  10. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Well, it certainly won't break if you block a few processes. It's when you manually decide to block and manually delete Windows Explorer, rundll32, wuauclt, mscorsvw, wudfhost, wermgr, ... (the list goes on), that any operating system would get a bit angsty ;)

    Again, I haven't seen an actual infection on your PC, but there has been far too much clutter in the scan logs with incorrect actions to tell. If you could reimage and install Webroot but then do not change any configuration options or manually delete operating system files I'll gladly take a look at what remains in your scan log to see if you are indeed infected.
     
  11. silverfox99

    silverfox99 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    204
  12. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,293
    Joe, you sure got a saint's patience. Professionalism all the way :thumb:

    Trolls nowadays are so easy to identify ...
     
  13. No_script

    No_script Registered Member

    Joined:
    May 12, 2012
    Posts:
    97
    Knew it. I'm checking with the tool right now.

    BTW Webroot turned off all settings on reboot, hmmmmm something's up. Why would it turn itself off?

    I think malware/an attacker is executing code in/to/through Webroot to shut itself down and infect the machine.
     
  14. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    So far I have seen only the user getting heavily "infected" :D :rolleyes:
     
  15. Mongol

    Mongol Registered Member

    Joined:
    Jul 24, 2004
    Posts:
    1,581
    Location:
    Houston, TX
    Sounds to me like user error. Time to reformat or re-image...:cautious:
     
  16. superssjdan

    superssjdan Registered Member

    Joined:
    Dec 11, 2011
    Posts:
    148
    Location:
    USA
    Definitely reformat. Reimage is OK assuming there was nothing screwed up in the first place and no changes made to critical system files before imaging, which I find hard to believe. Do yourself a favor and reformat, unless somehow you think Webroot will get you infected after that as well :D
     
  17. ZeroDay

    ZeroDay Registered Member

    Joined:
    Jul 9, 2011
    Posts:
    714
    Location:
    UK
    I'd go a step further and zerofill.
     
  18. No_script

    No_script Registered Member

    Joined:
    May 12, 2012
    Posts:
    97
    There is no user error, I don't run crap programs like flash, java & harden my OS. Seriously so much fanboyism going on. :rolleyes:
     
  19. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    But you did manually delete a bunch of operating system files as Joe states? Yes or no?
     
  20. Sir Percy

    Sir Percy Registered Member

    Joined:
    Apr 22, 2010
    Posts:
    266
    Perhaps time to move the "No_script posts" to its own thread, chances are he might learn something over the next weeks?

    Then the rest of the world (fanboys the lot of them) can have this one to discuss the latest AV comparatives. :)
     
  21. superssjdan

    superssjdan Registered Member

    Joined:
    Dec 11, 2011
    Posts:
    148
    Location:
    USA
    There is a big difference between hardening and breaking the OS. It seems your hardening hasn't done you much good, being you claim you are infected. I might suggest attending a Microsoft IT seminar nearest you. They are given all the time. You might learn a great deal :D
     
  22. No_script

    No_script Registered Member

    Joined:
    May 12, 2012
    Posts:
    97
    No, I installed a fresh image from the start. So there is no chance of anything being dirty or me deleting anything this time.


    If you don't believe me explain this below. Seems a little fishy to me.
     
  23. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Those are all perfectly normal.....
     
  24. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    LoL... this is getting very funny... or tragic o_O
    PopCorn and beer ready here :D
     
  25. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    So you did delete operating system files then? i.e. WSA's log is correct?
     